Designing vSphere

How to replace root user with different user name with same privileges

There are always two important parts to a credential: the user name and the password. In the ESX world, root is the default user name, so everyone knows at least one part of it. This is a standard security concern raised by IT Risk. Let's de-risk it.

In the Windows world it is standard practice to rename the administrator account and add another user to the Administrators group. That is exactly the method we are going to use. Create a user esx-admin and assign it the same group as root and then delete root user.

Do not delete the root user.

Here are the how-to steps:

Log in to the ESXi host directly using the VI client.

Go to Users & Groups.

Create a new user. In my case I used the name esx-admin.

Fill in only Login name and Password, and leave User Name and UID blank; they are optional. User Name here is just a description. Do not confuse this with Windows-style user creation.

Add the localadmin and root groups under Group Membership and press OK.

At this point you can access the console, i.e. the DCUI, using the esx-admin credentials, but you cannot access vCenter.

To get it working, grant esx-admin the Administrator permission at the root of the ESX host.

Last and important step: stop using the root user for any administration for 1 month and then safely delete the root user.

Last and important step: stop using the root user for any administration, and use it only for VMsupport or other emergency cases. Do not delete it.
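The same steps can be scripted with VMware PowerCLI. This is an added example, not part of the original post; it assumes PowerCLI is installed, and the host name `esxi01.example.local` is a placeholder.

```powershell
# Added example (not from the original post): PowerCLI version of the GUI steps.
# Assumption: 'esxi01.example.local' is a placeholder for your host's name.
$hostName = 'esxi01.example.local'
$newUser  = 'esx-admin'

# Connect directly to the host (not to vCenter), as root, for this one-time setup.
$rootCred = Get-Credential -UserName 'root' -Message "root password for $hostName"
$server   = Connect-VIServer -Server $hostName -Credential $rootCred

try {
    # Prompt for the new password so it never lands in the script or shell history.
    $newCred = Get-Credential -UserName $newUser -Message "Password for $newUser"

    # Create the local user with only a login name and password, as in the post.
    # -AssignGroups mirrors the post's group membership (localadmin and root);
    # remove it on hosts that do not support local groups.
    $account = New-VMHostAccount -Server $server -UserAccount -Id $newUser `
        -Password $newCred.GetNetworkCredential().Password `
        -AssignGroups 'localadmin', 'root'

    # Grant the Administrator role (named "Admin" in PowerCLI) at the root
    # folder of the host so the new account can manage it through the client.
    $rootFolder = Get-Folder -Server $server -NoRecursion
    New-VIPermission -Server $server -Entity $rootFolder -Principal $account `
        -Role 'Admin' -Propagate $true | Out-Null

    # Verify before relying on the new account: fail loudly if the role is missing.
    $perm = Get-VIPermission -Server $server -Entity $rootFolder -Principal $account
    if (-not $perm -or $perm.Role -ne 'Admin') {
        throw "Permission check failed: $newUser does not hold the Admin role."
    }
    $perm | Format-Table Entity, Principal, Role, Propagate
}
finally {
    # Always drop the root session, even if a step above failed.
    Disconnect-VIServer -Server $server -Confirm:$false
}
```

Log in once with esx-admin and confirm it works before you stop using root for day-to-day administration.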